Platform-link reorder endpoint accepts duplicate and partial ordering states that violate ordering invariants

[Ridanshi]

Summary

The reorder workflow accepts duplicate displayOrder values and incomplete ordering submissions.

This allows platform-link ordering state to become inconsistent and nondeterministic.

Affected Files

• profileService.ts
• validators.ts

Root Cause

The reorder endpoint validates request structure but does not enforce ordering invariants.

Duplicate displayOrder values are accepted and partial reorder requests leave other links in undefined ordering states.

Reproduction

1. Submit a reorder request containing duplicate displayOrder values.
2. Submit a reorder request that omits some platform links.
3. Inspect the resulting ordering state.
4. Observe duplicate or inconsistent ordering values.

Expected Behavior

Reorder requests should represent a complete, unique ordering of all platform links belonging to the user.

Actual Behavior

Duplicate and partial ordering states are accepted and persisted.

Why This Is Difficult To Detect

Most tests validate payload structure rather than ordering correctness.

The issue only appears when malformed but structurally valid reorder requests are submitted.

Production Impact

• Nondeterministic ordering
• Broken profile presentation
• Inconsistent reorder behavior
• Persistent ordering corruption

Suggested Fix

Validate that all user links are included exactly once and that displayOrder values form a unique complete sequence.

Severity

High

[Ridanshi]

I investigated this issue and would like to work on it.

The current reorder workflow appears to validate payload shape without enforcing ordering invariants.

I plan to:

• review reorder validation logic
• enforce complete and unique ordering guarantees
• preserve existing reorder functionality
• add regression tests covering malformed ordering scenarios

Please assign this issue to me.